Twitter security updates to prevent hacked accounts

By Edd Gent

Published Friday, May 9, 2014

Twitter has announced an update to its security features, including revised methods for resetting passwords, aimed at preventing account hacking.

A post on the social network's official blog explained how the process for retrieving and resetting passwords has been changed so that users who forget a password can regain access to their account more securely.

The new reset procedure lets users choose whether the reset information is sent to an email address or a telephone number linked to their account, depending on what they have access to at the time.

The new identification process will see Twitter begin to analyse different aspects of a login, including location, the device used and login history, in order to spot any suspicious behaviour. Should the site become suspicious of a login, it will prompt users to enter further information before granting access to the account.

Mollie Vandor, product manager at Twitter, said: "We know some of you occasionally have difficulty accessing your Twitter account, and whatever the circumstances may be, we want you to be able to get back into it quickly and securely.

"So today we're starting to roll out two improvements that will help protect your account and restore access: one, a streamlined password reset experience; and two, better identification and blocking of suspicious logins."

Hacked Twitter accounts have been a common issue on the site for some time, and the company believes this tweak will help to prevent such incidents in the future.

David Emm, from the global research and analysis team at digital security firm Kaspersky Lab, said: "I think this adds a level of flexibility that will help anyone who forgets their password. And since you have to choose one of the e-mail addresses or phone numbers that are already associated with the account, it doesn't add this flexibility at the expense of security.

"I also think that monitoring for suspicious login attempts is a positive thing too. It may seem a bit invasive at first glance, but it's similar to what the banks do for credit and debit card use, and it offers an additional safeguard against someone hacking your account.

"I would see this as selective enforcement of two-factor authentication – and strikes a good balance between security and ease of use."